
[Resolved] Something I can't explain


David40

While trying to post a spam email to Spamcop I will go through the pasted email line by line and edit out the "ad" that my AVG Antivirus tags onto every email I send or receive (www.avg.com). Once in a while, after going through an email I'll discover I can't find any link to AVG, but when I process the email I see the AVG URL has been found in the email with the usual "ISP does not wish to receive...blah, blah, blah."

So the question is, how is it the AVG URL is being found by SPAMCOP when I can't find the AVG URL in the email? Is it possible it's somehow hidden from view? I can't explain it.

Thanks


Hi, David40,

...If you would be willing to provide a "Tracking URL" of a SpamCop parse of such a spam, we may be better able to answer your question. Some possibilities that occur to me:

  • The spam is constructed in a way that prevents your e-mail client from displaying the URL to you.
  • The URL is actually in a header rather than the spam body.
  • The messages from the SpamCop parser that mention AVG are doing so not due to an AVG URL but a reference to a host for which AVG is the abuse address. This is almost certainly not the answer in your case based on what you have posted ("I see the AVG URL has been found in the email").


  • 2 weeks later...

Hi, David40,

...If you would be willing to provide a "Tracking URL" of a SpamCop parse of such a spam, we may be better able to answer your question.

Just got one. I search through this email and I cannot find any reference URL or address referring to AVG, but SpamCop finds it in there somewhere.

http://www.spamcop.net/sc?id=z5922358693z8...003a64a7a49d13z


Yes, the links are in the Base64 stuff (as text), including innocent bystander AVG. Evidently parser "de-obfuscating" works just fine on that.

Incidentally, I use ToastedSpam for decoding - and there are many others. Had to remove line wrapping in the code by the way - O/P's mail client or something else in the receipt-copy-paste chain is not ideal for forensics but no big thing.
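
What the last reply describes, as an added example (not code from the thread, from SpamCop or from ToastedSpam): decode the Base64 MIME parts of a raw message, tolerating broken line wrapping from a copy-paste, and list the URLs that only appear after decoding. The sample message, its addresses and the function names are constructed for illustration.

```python
import base64
import re
from email import message_from_string

URL_RE = re.compile(r"""https?://[^\s"'<>]+|www\.[^\s"'<>]+""", re.I)

def decoded_text_parts(raw):
    """Yield the decoded text of every text/* MIME part in a raw message."""
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue
        if part.get("Content-Transfer-Encoding", "").strip().lower() == "base64":
            # A paste may re-wrap or indent the Base64; drop all whitespace first.
            data = base64.b64decode("".join(part.get_payload().split()))
        else:
            data = part.get_payload(decode=True)
        yield data.decode(part.get_content_charset() or "utf-8", errors="replace")

def hidden_urls(raw):
    """URLs found only after decoding, i.e. not readable in the pasted source."""
    visible = set(URL_RE.findall(raw))
    decoded = set()
    for text in decoded_text_parts(raw):
        decoded.update(URL_RE.findall(text))
    return sorted(decoded - visible)

# Constructed sample: a Base64 body carrying a spam link and an antivirus
# footer, re-wrapped at 30 columns with a leading space as a bad paste might be.
_body = b"Great deals: http://spam.example.com/buy\r\n\r\nChecked by AVG - www.avg.com\r\n"
_b64 = base64.b64encode(_body).decode()
SAMPLE = (
    "From: sender@example.com\n"
    "Subject: hello\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "Content-Transfer-Encoding: base64\n"
    "\n"
    + "\n".join(" " + _b64[i:i + 30] for i in range(0, len(_b64), 30)) + "\n"
)

if __name__ == "__main__":
    for url in hidden_urls(SAMPLE):
        print("only visible after decoding:", url)
```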
